Please check my log

Peelie
Visitor
Posts: 287
Registered: 09 Oct 2006 18:03

Please check my log

#1 Post by Peelie »

Good day. Telekom in Slovakia was increasing internet speeds. After the increase I had a higher speed too. But now it is a third lower. I scanned the PC with Malwarebytes. It found nothing, so I am sending the DSIT log.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Martin at 2016-09-20 11:57:56
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 29 GB (26%) free of 110 GB
Total RAM: 8154 MB (86% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:57:58, on 20. 9. 2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\trend micro\Martin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O10 - Broken Internet access because of LSP provider 'c:\program files (x86)\bonjour\mdnsnsp.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.hola.org
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes - D:\zde\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - D:\zde\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Unknown owner - D:\PROGRAMY\Zemana AntiMalware\ZAM.exe (file missing)

--
End of file - 4867 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM" PriorityLow
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Martin\AppData\Local\Temp\scoped_dir2952_8834\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe -check pepperplugin
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-07-28 767176]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2016-09-20 11:57:56 ----D---- C:\rsit
2016-09-20 11:57:56 ----D---- C:\Program Files\trend micro
2016-09-20 11:54:57 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2016-09-20 11:54:47 ----A---- C:\Windows\system32\drivers\mwac.sys
2016-09-20 11:54:47 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2016-09-20 11:54:47 ----A---- C:\Windows\system32\drivers\mbam.sys
2016-09-18 20:17:47 ----A---- C:\Windows\system32\drivers\Neo_0121.sys
2016-09-18 20:15:44 ----A---- C:\Windows\system32\vpncmd.exe
2016-09-18 20:15:33 ----D---- C:\Program Files\SoftEther VPN Client
2016-09-18 12:41:04 ----D---- C:\ProgramData\Malwarebytes
2016-09-01 15:40:30 ----D---- C:\Users\Martin\AppData\Roaming\Sun
2016-09-01 15:40:12 ----D---- C:\ProgramData\Oracle

======List of files/folders modified in the last 1 month======

2016-09-20 11:57:57 ----D---- C:\Windows\temp
2016-09-20 11:57:56 ----RD---- C:\Program Files
2016-09-20 11:54:57 ----D---- C:\Windows\system32\drivers
2016-09-20 11:07:01 ----D---- C:\Windows\System32
2016-09-20 11:07:01 ----D---- C:\Windows\inf
2016-09-20 11:07:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-09-19 16:07:54 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-09-19 16:07:52 ----D---- C:\Windows\system32\Macromed
2016-09-19 16:07:51 ----D---- C:\Windows\SYSWOW64\Macromed
2016-09-19 14:10:11 ----D---- C:\Users\Martin\AppData\Roaming\Spotify
2016-09-18 20:22:11 ----RD---- C:\Program Files (x86)
2016-09-18 20:18:02 ----D---- C:\Windows\system32\DriverStore
2016-09-18 20:18:00 ----SHD---- C:\System Volume Information
2016-09-18 16:58:49 ----D---- C:\Program Files (x86)\Google
2016-09-18 16:26:42 ----D---- C:\Windows\system32\Tasks
2016-09-18 16:26:41 ----D---- C:\Windows\Tasks
2016-09-18 13:02:42 ----D---- C:\Windows\Setup
2016-09-18 12:41:04 ----D---- C:\ProgramData
2016-09-16 11:12:24 ----D---- C:\Config.Msi
2016-09-16 11:11:24 ----SHD---- C:\Windows\Installer
2016-09-13 18:53:20 ----D---- C:\Windows\SysWOW64
2016-09-11 20:14:52 ----D---- C:\Windows\system32\config
2016-09-09 10:58:14 ----D---- C:\Windows\system32\catroot2
2016-09-08 16:11:26 ----D---- C:\Users\Martin\AppData\Roaming\vlc
2016-09-07 11:17:05 ----D---- C:\Program Files (x86)\Opera
2016-09-02 13:35:27 ----D---- C:\ProgramData\RegRun
2016-09-02 13:30:54 ----D---- C:\Windows\SYSWOW64\drivers
2016-09-02 13:30:28 ----RASHOT---- C:\Windows\winstart.bat
2016-09-01 16:05:57 ----D---- C:\Program Files (x86)\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2012-04-22 213888]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2012-04-22 60416]
R2 AODDriver4.3;AODDriver4.3; \??\C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [2014-02-11 59616]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2015-07-29 21622784]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2015-07-29 665088]
R3 athur;Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2015-07-15 96256]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-10-03 33240]
R3 Neo_VPN;VPN Client Device Driver - VPN; C:\Windows\system32\DRIVERS\Neo_0121.sys [2016-09-18 38432]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2012-04-22 18432]
S0 Partizan;Partizan; C:\Windows\system32\drivers\Partizan.sys []
S1 SBRE;SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys []
S1 ZAM;ZAM Helper Driver; \??\C:\Windows\System32\drivers\zam64.sys []
S1 ZAM_Guard;ZAM Guard Driver; \??\C:\Windows\System32\drivers\zamguard64.sys []
S2 ksapi64;ksapi64; \??\C:\Windows\system32\drivers\ksapi64.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2012-04-22 95232]
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2016-03-10 27008]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2016-03-10 64896]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2014-12-17 40664]
S3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys [2016-06-28 42064]
S3 tap-tb-0901;TunnelBear Adapter V9; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [2015-08-10 38656]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WiseHDInfo;WiseHDInfo; \??\C:\Windows\WiseHDInfo64.dll [2015-09-02 14800]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-09-08 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2015-07-29 246784]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [2015-07-28 344064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S2 MBAMService;MBAMService; D:\zde\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
S2 MBAMScheduler;MBAMScheduler; D:\zde\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-03-10 1514464]
S2 ZAMSvc;ZAM Controller Service; D:\PROGRAMY\Zemana AntiMalware\ZAM.exe /service []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-19 270016]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-02-08 569024]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

-----------------EOF-----------------

sorcer
Friend of the forum
Posts: 527
Registered: 26 Jun 2006 01:29

Re: Please check my log

#2 Post by sorcer »

I'm already working on it..

Peelie
Visitor
Posts: 287
Registered: 09 Oct 2006 18:03

Re: Please check my log

#3 Post by Peelie »

As a joke, that's pretty weak.

Peelie
Visitor
Posts: 287
Registered: 09 Oct 2006 18:03

Re: Please check my log

#4 Post by Peelie »

Sorry, I thought it was a joke, because there is a novice here, but I see that you are an adviser.

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Please check my log

#5 Post by altrok »

Good day,

sorcer is a graduate of our little school, which is why he has the rank Novice (see http://forum.viry.cz/viewtopic.php?f=12&t=43122 ) and consults every step with us. There is no need to worry about anything. We follow the overwhelming majority of topics (if not all of them), and a potential troublemaker is quickly silenced.

Wishing you a successful resolution of the problem, altrok.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrok(at)forum.viry.cz
If you feel like helping visitors of this forum, sign up for our little school.

Peelie
Visitor
Posts: 287
Registered: 09 Oct 2006 18:03

Re: Please check my log

#6 Post by Peelie »

Sure, no harm done.

sorcer
Friend of the forum
Posts: 527
Registered: 26 Jun 2006 01:29

Re: Please check my log

#7 Post by sorcer »

1) AdwCleaner is available for download here: http://general-changelog-team.fr/fr/download/adwcleaner
2) Save the utility to the desktop
3) If you have any running, close all open programs
4) Then click Scan first and after that Clean
5) When the scan finishes, a log will appear; paste it here

Peelie
Visitor
Posts: 287
Registered: 09 Oct 2006 18:03

Re: Please check my log

#8 Post by Peelie »

# AdwCleaner v6.020 - *Logfile created 21/09/2016 *at 15:26:29
# *Updated on 14/09/2016 by ToolsLib
# *Database : 2016-09-20.4 [*Server]
# *Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# *Username : Martin - MARTIN-PC
# *Running from : C:\Users\Martin\Downloads\adwcleaner_6.020.exe
# *Mode: Clean
# *Support : https://toolslib.net/forum



***** [ *Services ] *****



***** [ *Folders ] *****

[-] *Folder deleted: C:\Users\Martin\AppData\Roaming\Hola


***** [ *Files ] *****

[-] *File deleted: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\invalidprefs.js


***** [ DLL ] *****



***** [ WMI ] *****



***** [ *Shortcuts ] *****



***** [ *Scheduled Tasks ] *****



***** [ *Registry ] *****

[-] *Key deleted: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[-] *Key deleted: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[-] *Key deleted: HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] *Key deleted: HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] *Key deleted: HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] *Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] *Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{50F4150A-48B2-417A-BE4C-C83F580FB904}
[-] *Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] *Key deleted: HKU\.DEFAULT\Software\Hola
[-] *Key deleted: HKU\S-1-5-21-515885200-768628804-3900138106-1000\Software\Reimage
[-] *Key deleted: HKU\S-1-5-21-515885200-768628804-3900138106-1000\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[#] *Key deleted on reboot: HKU\S-1-5-18\Software\Hola
[#] *Key deleted on reboot: HKCU\Software\Reimage
[#] *Key deleted on reboot: HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[#] *Key deleted on reboot: [x64] HKCU\Software\Reimage
[#] *Key deleted on reboot: [x64] HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[-] *Key deleted: [x64] HKLM\SOFTWARE\Hola
[-] *Key deleted: [x64] HKLM\SOFTWARE\Reimage
[-] *Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] *Key deleted: HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] *Key deleted: HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\QMSoftExt
[-] *Key deleted: HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\QMSoftExt
[-] *Key deleted: HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMSoftExt


***** [ *Browsers ] *****



*************************

:: *"Tracing" keys deleted
:: *Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3107 *Bytes] - [21/09/2016 15:26:29]
C:\AdwCleaner\AdwCleaner[S0].txt - [3196 *Bytes] - [21/09/2016 15:26:10]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3255 *Bytes] ##########

sorcer
Friend of the forum
Posts: 527
Registered: 26 Jun 2006 01:29

Re: Please check my log

#9 Post by sorcer »

Please run an FRST scan. http://forum.viry.cz/viewtopic.php?f=24&t=132509

Paste both the FRST log and the Addition log here, in your topic.


If a warning appears when downloading FRSTLauncher, select Ignore in the bottom right corner

Peelie
Visitor
Posts: 287
Registered: 09 Oct 2006 18:03

Re: Please check my log

#10 Post by Peelie »

I'm sending the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-09-2016
Ran by Martin (administrator) on MARTIN-PC (22-09-2016 12:08:10)
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-28] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B5844788-BED4-4849-99BF-940E9B612EC4}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-515885200-768628804-3900138106-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-515885200-768628804-3900138106-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> {06E5CE54-26A7-489F-A9ED-8B53B6FC8C6A} URL =
SearchScopes: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> {A8A2381B-85B6-4030-B763-863A4F470EAD} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454

FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @qq.com/QQMusicHelper -> C:\Program Files (x86)\Tencent\QQMusicHelper\QQMusicHelper1257.13.23.47\npQQMusicHelper.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-515885200-768628804-3900138106-1000: torrents-time.com/TTPlugin -> C:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll [No File]
FF Extension: (Popup Blocker Ultimate) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2016-09-21]
FF Extension: (Seznam lištička) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2016-09-21]

Chrome:
=======
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default [2016-07-29]
CHR Extension: (Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-20]
CHR Extension: (Disk Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-20]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-20]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-20]

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Martin\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-08-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2007-07-24] (Apple Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 ZAMSvc; "D:\PROGRAMY\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2012-04-22] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0121.sys [38432 2016-09-18] (SoftEther Corporation)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2015-08-10] (The OpenVPN Project)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-06-28] (Anchorfree Inc.)
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-09-02] (wisecleaner.com)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S2 ksapi64; \??\C:\Windows\system32\drivers\ksapi64.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-22 12:08 - 2016-09-22 12:08 - 00008583 _____ C:\Users\Martin\Desktop\FRST.txt
2016-09-22 12:05 - 2016-09-22 12:05 - 02402816 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2016-09-22 12:01 - 2016-09-22 12:01 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Downloads\FRSTLauncher (2).exe
2016-09-22 12:01 - 2016-09-22 12:01 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Downloads\FRSTLauncher (1).exe
2016-09-22 12:00 - 2016-09-22 12:00 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe
2016-09-22 11:57 - 2016-09-22 11:58 - 00029114 _____ C:\Users\Martin\Downloads\Addition.txt
2016-09-22 11:56 - 2016-09-22 12:08 - 00000000 ____D C:\FRST
2016-09-22 11:56 - 2016-09-22 11:58 - 00024992 _____ C:\Users\Martin\Downloads\FRST.txt
2016-09-21 18:15 - 2016-09-21 18:18 - 46431060 _____ C:\Users\Martin\Downloads\fikehc2ad01gb1.pdf
2016-09-21 17:53 - 2016-09-21 17:56 - 67701049 _____ C:\Users\Martin\Downloads\ejihfcb1d244gka.pdf
2016-09-21 17:17 - 2016-09-21 17:17 - 00003836 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1474471056
2016-09-21 17:17 - 2016-09-21 17:17 - 00001135 _____ C:\Users\Public\Desktop\Opera.lnk
2016-09-21 17:17 - 2016-09-21 17:17 - 00001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-09-21 15:24 - 2016-09-21 15:26 - 00000000 ____D C:\AdwCleaner
2016-09-21 13:52 - 2016-09-21 17:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-21 13:52 - 2016-09-21 17:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-21 13:52 - 2016-09-21 13:52 - 00000000 ____D C:\ProgramData\Mozilla
2016-09-21 13:37 - 2016-09-21 15:27 - 00000000 ____D C:\Program Files (x86)\Pale Moon
2016-09-21 13:37 - 2016-09-21 13:37 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Moonchild Productions
2016-09-21 13:37 - 2016-09-21 13:37 - 00000000 ____D C:\Users\Martin\AppData\Local\Moonchild Productions
2016-09-20 17:24 - 2016-09-20 17:24 - 00000000 ____D C:\Users\Martin\Documents\Syncios
2016-09-20 17:24 - 2016-09-20 17:24 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Syncios Data Transfer
2016-09-20 17:24 - 2016-09-20 17:24 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Syncios
2016-09-20 17:24 - 2016-09-20 17:24 - 00000000 ____D C:\Users\Martin\AppData\Roaming\SyncDroid
2016-09-20 17:24 - 2016-09-20 17:24 - 00000000 ____D C:\Users\Martin\.android
2016-09-20 17:23 - 2016-09-20 17:23 - 00000000 ____D C:\Program Files (x86)\Anvsoft
2016-09-20 12:36 - 2016-09-21 17:22 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2016-09-20 12:35 - 2016-09-20 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour
2016-09-20 12:35 - 2016-09-20 12:35 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-09-20 11:57 - 2016-09-20 11:57 - 00000000 ____D C:\rsit
2016-09-20 11:57 - 2016-09-20 11:57 - 00000000 ____D C:\Program Files\trend micro
2016-09-18 20:17 - 2016-09-18 20:17 - 00038432 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\Neo_0121.sys
2016-09-18 20:15 - 2016-09-18 20:15 - 00143816 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\vpncmd.exe
2016-09-18 12:41 - 2016-09-18 12:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-16 11:06 - 2016-09-16 11:06 - 00200535 _____ C:\Users\Martin\Downloads\VM_G_Lorencova46_Krompachy_AsistentUcitela(05.09.2016) (1).pdf
2016-09-08 12:02 - 2016-09-08 12:02 - 00200535 _____ C:\Users\Martin\Downloads\VM_G_Lorencova46_Krompachy_AsistentUcitela(05.09.2016).pdf
2016-09-07 16:36 - 2016-09-07 16:36 - 00000000 ____D C:\Users\Martin\AppData\LocalLow\Gametop
2016-09-07 15:41 - 2016-09-08 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
2016-09-07 12:00 - 2016-09-07 12:00 - 00196890 _____ C:\Users\Martin\Downloads\MS_PO_Vazecka.pdf
2016-09-05 13:34 - 2016-09-05 13:34 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-09-05 13:34 - 2016-09-05 13:34 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-09-01 15:40 - 2016-09-01 15:40 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Sun
2016-09-01 15:40 - 2016-09-01 15:40 - 00000000 ____D C:\Users\Martin\AppData\LocalLow\Sun
2016-09-01 15:40 - 2016-09-01 15:40 - 00000000 ____D C:\Users\Martin\.oracle_jre_usage
2016-09-01 15:40 - 2016-09-01 15:40 - 00000000 ____D C:\ProgramData\Oracle
2016-09-01 15:37 - 2015-12-30 17:37 - 00000000 ____D C:\Users\Martin\Downloads\org
2016-09-01 15:37 - 2015-12-30 17:37 - 00000000 ____D C:\Users\Martin\Downloads\META-INF
2016-09-01 15:37 - 2015-12-30 17:37 - 00000000 ____D C:\Users\Martin\Downloads\de
2016-09-01 15:37 - 2015-12-30 17:37 - 00000000 ____D C:\Users\Martin\Downloads\com
2016-08-25 12:42 - 2016-08-25 12:44 - 44009058 _____ C:\Users\Martin\Downloads\bs1wn.Uncut..October.2016.pdf
2016-08-25 11:51 - 2016-08-25 11:53 - 47416070 _____ C:\Users\Martin\Downloads\g4n6x.MOJO..October.2016.pdf
2016-08-25 11:03 - 2016-08-25 11:04 - 42242571 _____ C:\Users\Martin\Downloads\wjmv9.Q.Magazine..October.2016.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-22 11:52 - 2015-10-04 19:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-22 11:08 - 2009-07-14 06:45 - 00021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-22 11:08 - 2009-07-14 06:45 - 00021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-22 11:06 - 2009-07-14 07:13 - 00785302 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-22 11:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-09-22 11:01 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-21 17:22 - 2016-01-14 18:08 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Seznam.cz
2016-09-21 17:17 - 2014-07-28 18:51 - 00000000 ____D C:\Program Files (x86)\Opera
2016-09-20 17:24 - 2014-07-28 18:35 - 00000000 ____D C:\Users\Martin
2016-09-20 12:51 - 2014-07-28 18:43 - 00001443 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-09-20 12:51 - 2014-07-28 18:43 - 00001409 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-09-20 12:50 - 2014-08-24 12:31 - 00000000 ____D C:\Users\Martin\AppData\Local\ElevatedDiagnostics
2016-09-20 12:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-09-20 11:02 - 2016-04-08 15:54 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-09-19 16:07 - 2016-04-08 15:54 - 00003890 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-09-19 16:07 - 2015-10-04 19:50 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-19 16:07 - 2014-07-29 13:15 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-19 16:07 - 2014-07-29 13:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-19 16:07 - 2014-07-29 13:15 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-19 16:07 - 2014-07-29 13:15 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-19 16:07 - 2014-07-29 13:14 - 00000000 ____D C:\Users\Martin\AppData\Local\Adobe
2016-09-19 14:10 - 2014-08-16 20:49 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Spotify
2016-09-18 16:58 - 2015-01-27 13:23 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-18 13:02 - 2009-07-14 06:45 - 00000000 ____D C:\Windows\Setup
2016-09-16 16:26 - 2016-07-04 13:04 - 00000000 ____D C:\Users\Martin\AppData\Local\ESET
2016-09-16 11:11 - 2014-12-24 13:43 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-08 16:11 - 2014-08-23 21:09 - 00000000 ____D C:\Users\Martin\AppData\Roaming\vlc
2016-09-05 13:35 - 2015-07-02 13:48 - 00000000 ____D C:\Users\Martin\AppData\Local\Apple Computer
2016-09-02 13:35 - 2016-08-20 17:51 - 00000000 ____D C:\ProgramData\RegRun
2016-09-02 13:32 - 2016-08-20 17:51 - 00000000 ____D C:\Users\Martin\Documents\RegRun2
2016-09-02 13:30 - 2016-08-20 17:51 - 00000002 RSHOT C:\Windows\winstart.bat
2016-09-02 13:30 - 2015-06-17 17:15 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2016-09-02 13:30 - 2015-06-17 17:15 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT

==================== Files in the root of some directories =======

2014-05-08 06:05 - 2014-05-08 06:05 - 0000524 _____ () C:\Users\Martin\AppData\Roaming\159 dk orange bl 4.ADO
2014-12-01 23:42 - 2014-12-01 23:42 - 0001157 _____ () C:\Users\Martin\AppData\Roaming\20-unhint-small-vera.conf
2015-02-12 07:07 - 2015-02-12 07:07 - 0000213 _____ () C:\Users\Martin\AppData\Roaming\3BSYBS1_DDVW_ErrLog.txt
2013-10-02 04:55 - 2013-10-02 04:55 - 0000940 _____ () C:\Users\Martin\AppData\Roaming\admon.graphics.extension.xml
2014-05-08 07:44 - 2014-05-08 07:44 - 0003523 _____ () C:\Users\Martin\AppData\Roaming\Adobe-Japan1-0
2013-10-02 04:54 - 2013-10-02 04:54 - 0000453 _____ () C:\Users\Martin\AppData\Roaming\Aqtau
2013-10-02 04:54 - 2013-10-02 04:54 - 0000065 _____ () C:\Users\Martin\AppData\Roaming\Bangui
2014-05-08 06:05 - 2014-05-08 06:05 - 0000524 _____ () C:\Users\Martin\AppData\Roaming\BMC blue 4.ADO
2010-07-19 23:16 - 2010-07-19 23:16 - 0004751 _____ () C:\Users\Martin\AppData\Roaming\b_no.jpg
2013-10-02 04:54 - 2013-10-02 04:54 - 0000549 _____ () C:\Users\Martin\AppData\Roaming\Catamarca
2013-10-02 04:55 - 2013-10-02 04:55 - 0001978 _____ () C:\Users\Martin\AppData\Roaming\caution.tif
2014-05-08 07:44 - 2014-05-08 07:44 - 0002828 _____ () C:\Users\Martin\AppData\Roaming\CNS2-V
2013-10-02 04:56 - 2013-10-02 04:56 - 0001266 _____ () C:\Users\Martin\AppData\Roaming\compact.list.item.spacing.xml
2014-05-08 06:05 - 2014-05-08 06:05 - 0000524 _____ () C:\Users\Martin\AppData\Roaming\Cool Gray 9 bl 4.ADO
2015-05-20 03:28 - 2015-05-20 03:28 - 0002176 _____ () C:\Users\Martin\AppData\Roaming\C_Enabled.png
2011-03-21 18:48 - 2011-03-21 18:48 - 0000512 _____ () C:\Users\Martin\AppData\Roaming\data2.cab
2013-10-02 04:55 - 2013-10-02 04:55 - 0002654 _____ () C:\Users\Martin\AppData\Roaming\dbtoepub
2013-10-02 04:56 - 2013-10-02 04:56 - 0001013 _____ () C:\Users\Martin\AppData\Roaming\double.sided.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0004817 _____ () C:\Users\Martin\AppData\Roaming\dsc_checkup_tile.png
2015-05-20 03:28 - 2015-05-20 03:28 - 0004997 _____ () C:\Users\Martin\AppData\Roaming\dsc_drivers_tile.png
2014-05-08 07:44 - 2014-05-08 07:44 - 0002862 _____ () C:\Users\Martin\AppData\Roaming\dut1995phon.env
2015-05-20 03:28 - 2015-05-20 03:28 - 0004279 _____ () C:\Users\Martin\AppData\Roaming\dxdiag.png
2007-01-16 02:00 - 2007-01-16 02:00 - 0003294 _____ () C:\Users\Martin\AppData\Roaming\Extravagancy.Y
2015-05-20 03:28 - 2015-05-20 03:28 - 0001592 _____ () C:\Users\Martin\AppData\Roaming\forward32.png
2013-10-02 04:54 - 2013-10-02 04:54 - 0001676 _____ () C:\Users\Martin\AppData\Roaming\Gibraltar
2013-10-02 04:56 - 2013-10-02 04:56 - 0005030 _____ () C:\Users\Martin\AppData\Roaming\graphics.xsl
2014-05-08 07:44 - 2014-05-08 07:44 - 0000672 _____ () C:\Users\Martin\AppData\Roaming\gre.fca
2013-10-02 04:54 - 2013-10-02 04:54 - 0000137 _____ () C:\Users\Martin\AppData\Roaming\Guatemala
2015-05-20 03:28 - 2015-05-20 03:28 - 0003291 _____ () C:\Users\Martin\AppData\Roaming\history_report_gray.png
2013-10-02 04:56 - 2013-10-02 04:56 - 0000941 _____ () C:\Users\Martin\AppData\Roaming\htmlhelp.autolabel.xml
2013-10-02 04:56 - 2013-10-02 04:56 - 0000963 _____ () C:\Users\Martin\AppData\Roaming\ignore.image.scaling.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0002116 _____ () C:\Users\Martin\AppData\Roaming\internetProperties.png
1987-02-02 02:00 - 1987-02-02 02:00 - 0046203 _____ () C:\Users\Martin\AppData\Roaming\Introvert.j6a
2013-10-02 04:56 - 2013-10-02 04:56 - 0001015 _____ () C:\Users\Martin\AppData\Roaming\javahelp.encoding.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0004676 _____ () C:\Users\Martin\AppData\Roaming\lid_closure.png
2014-05-08 06:05 - 2014-05-08 06:05 - 0000117 _____ () C:\Users\Martin\AppData\Roaming\More Saturated.hdt
2013-10-02 04:54 - 2013-10-02 04:54 - 0000097 _____ () C:\Users\Martin\AppData\Roaming\Nairobi
2013-10-02 04:56 - 2013-10-02 04:56 - 0001093 _____ () C:\Users\Martin\AppData\Roaming\navig.graphics.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0001519 _____ () C:\Users\Martin\AppData\Roaming\not_applicable_2.png
2015-05-20 03:28 - 2015-05-20 03:28 - 0001315 _____ () C:\Users\Martin\AppData\Roaming\pcdrfingerprintreader.p5m
2015-05-20 03:28 - 2015-05-20 03:28 - 0000781 _____ () C:\Users\Martin\AppData\Roaming\phone.png
2014-05-08 06:08 - 2014-05-08 06:08 - 0001433 _____ () C:\Users\Martin\AppData\Roaming\Plastic - Violet Purple, Strong & Flexible.3PP
2014-05-08 07:44 - 2014-05-08 07:44 - 0000972 _____ () C:\Users\Martin\AppData\Roaming\pol.fca
2013-10-02 04:55 - 2013-10-02 04:55 - 0001597 _____ () C:\Users\Martin\AppData\Roaming\projectteam.xml
2013-10-02 04:56 - 2013-10-02 04:56 - 0001085 _____ () C:\Users\Martin\AppData\Roaming\qanda.inherit.numeration.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0004156 _____ () C:\Users\Martin\AppData\Roaming\quick-test.png
2014-05-08 07:44 - 2014-05-08 07:44 - 0000889 _____ () C:\Users\Martin\AppData\Roaming\README_gu.txt
2014-05-08 07:44 - 2014-05-08 07:44 - 0001614 _____ () C:\Users\Martin\AppData\Roaming\s29.png
2015-05-20 03:28 - 2015-05-20 03:28 - 0003676 _____ () C:\Users\Martin\AppData\Roaming\save.png
2013-10-02 04:56 - 2013-10-02 04:56 - 0000883 _____ () C:\Users\Martin\AppData\Roaming\section.autolabel.xml
2013-10-02 04:56 - 2013-10-02 04:56 - 0001102 _____ () C:\Users\Martin\AppData\Roaming\section.title.level5.properties.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0001421 _____ () C:\Users\Martin\AppData\Roaming\security.png
2015-05-20 03:28 - 2015-05-20 03:28 - 0000091 _____ () C:\Users\Martin\AppData\Roaming\SkyboxOutput.hlsli
2015-05-20 03:28 - 2015-05-20 03:28 - 0002649 _____ () C:\Users\Martin\AppData\Roaming\sysinfopage_forfile.css
2015-05-20 03:14 - 2015-05-20 03:14 - 0000110 _____ () C:\Users\Martin\AppData\Roaming\tweakChkDsk_ar.p5p
2015-05-20 03:14 - 2015-05-20 03:14 - 0000095 _____ () C:\Users\Martin\AppData\Roaming\tweakChkDsk_it.p5p
2015-05-20 03:14 - 2015-05-20 03:14 - 0000112 _____ () C:\Users\Martin\AppData\Roaming\tweakChkDsk_nl.p5p
2015-05-20 03:14 - 2015-05-20 03:14 - 0001728 _____ () C:\Users\Martin\AppData\Roaming\tweakNetworkingManual_ko.p5p
2013-10-02 04:56 - 2013-10-02 04:56 - 0001323 _____ () C:\Users\Martin\AppData\Roaming\ulink.show.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0001543 _____ () C:\Users\Martin\AppData\Roaming\user_attention.png
2015-07-25 16:15 - 2015-07-25 16:15 - 0007605 _____ () C:\Users\Martin\AppData\Local\Resmon.ResmonCfg
2015-06-16 17:54 - 2015-06-16 17:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\Temp.dat

Some files in TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\Hola-Setup-x64-1.15.82.exe
C:\Users\Martin\AppData\Local\Temp\libeay32.dll
C:\Users\Martin\AppData\Local\Temp\msvcr120.dll
C:\Users\Martin\AppData\Local\Temp\pjre.exe
C:\Users\Martin\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Martin\AppData\Local\Temp\SpOrder.dll
C:\Users\Martin\AppData\Local\Temp\sqlite3.dll
C:\Users\Martin\AppData\Local\Temp\tu17p84.exe
C:\Users\Martin\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-21 14:44

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:107.32 GB) (Free:26 GB) NTFS
Drive d: () (Fixed) (Total:358.34 GB) (Free:338.18 GB) NTFS

Available physical RAM: 6854.29 MB
Total physical RAM: 8154.46 MB
Percentage of memory in use: 15%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A4C80B1C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=358.3 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Martin\Desktop" je 2 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2016
Ran by Martin (22-09-2016 12:08:26)
Running from C:\Users\Martin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-07-28 16:35:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-515885200-768628804-3900138106-500 - Administrator - Disabled)
Guest (S-1-5-21-515885200-768628804-3900138106-501 - Limited - Disabled)
Martin (S-1-5-21-515885200-768628804-3900138106-1000 - Administrator - Enabled) => C:\Users\Martin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F37078EA-4B6A-1D6F-6FED-3EDF2117B42C}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM-x32\...\{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}) (Version: 1.0.104 - Apple Inc.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: - )
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Opera Stable 28.0.1750.40 (HKLM-x32\...\Opera 28.0.1750.40) (Version: 28.0.1750.40 - Opera Software ASA)
Podpora Apple aplikácií (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Podpora Apple aplikácií(64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)
Tomb Raider III (HKLM-x32\...\Tomb Raider III) (Version: - )
Tomb Raider: Legend (HKLM-x32\...\Steam App 7000) (Version: - Crystal Dynamics)
TP-LINK Wireless Client Utility (HKLM-x32\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {153E60DE-B891-4F9C-90E9-EDB9F37976E0} - \{089BE96F-D0A5-49E1-88C2-9FE40C798689} -> No File <==== ATTENTION
Task: {647C3793-90BC-49B6-BE6E-FA87421FED6C} - System32\Tasks\{FADF754E-3625-4D73-8D9C-3200035B3856} => pcalua.exe -a "C:\Program Files (x86)\Tencent\QQMusic\QQMusic1257.13.23.40\QQMusicUninst.exe"
Task: {6E86966C-6566-4B68-97C9-37B15DA4CD51} - \D781AE73-5D32-4233-AC1A-C1ED8B7BAB6 -> No File <==== ATTENTION
Task: {74FC347C-1BDA-4916-9FA0-84CA926BA809} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-19] (Adobe Systems Incorporated)
Task: {7A155A60-6AB1-4E88-A1FB-9230AD55948D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)
Task: {83497BC7-1377-4BDA-8E0B-6A7AA66C781E} - \Ball Video -> No File <==== ATTENTION
Task: {88605761-88BC-47C1-8176-15245C19CA17} - System32\Tasks\Opera scheduled Autoupdate 1474471056 => C:\Program Files (x86)\Opera\launcher.exe [2015-03-05] (Opera Software)
Task: {A300431C-3D06-4EE2-92D7-D979BCDFBD8C} - \AAF6B80D-57C6-4E1B-A87-4797EA17A06D -> No File <==== ATTENTION
Task: {A81DF6E5-E8E1-4F79-B256-46CF9F0CCF4D} - \RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} -> No File <==== ATTENTION
Task: {D037912B-7859-49BC-BFD0-C482F1CF161D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {D8044E06-3646-45FB-A080-F58C859785B2} - \SpyHunter4Startup -> No File <==== ATTENTION
Task: {DBDA8427-2F42-4CC4-92C6-68642A719DC9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe [2016-09-19] (Adobe Systems Incorporated)
Task: {E0FE3EA5-4712-4F0E-B38F-B2C912AE54CB} - \Ball Video2 -> No File <==== ATTENTION
Task: {F96B2165-AA32-4349-B138-0B738423926C} - System32\Tasks\{F529C778-212F-4A4C-A435-C1F3B293A60A} => pcalua.exe -a C:\Windows\IsUninst.exe -c -f"d:\Thomb raider 3\Uninst.isu"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-28 22:45 - 2015-07-28 22:45 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-07-28 22:45 - 2015-07-28 22:45 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\hola.org -> hxxp://hola.org

There are 4788 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2016-03-09 16:31 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-515885200-768628804-3900138106-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{646DCD8D-DF44-49C1-8F8E-C9FF2902413E}] => (Allow) D:\PROGRAMY\Steam\Steam.exe
FirewallRules: [{A2AD1C24-3EE8-4850-8E35-DFBB4C259DAA}] => (Allow) D:\PROGRAMY\Steam\Steam.exe
FirewallRules: [{E5575B45-0733-47F6-958D-0E74A7E5D2BA}] => (Allow) D:\PROGRAMY\Steam\bin\steamwebhelper.exe
FirewallRules: [{7067E74E-652C-4023-B71A-FE815B893FF5}] => (Allow) D:\PROGRAMY\Steam\bin\steamwebhelper.exe
FirewallRules: [{D7B9C5CE-4AC8-48C1-BD71-B357B8BF3E5F}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{9A8EE00C-D15B-4081-98BC-A1B3116BD335}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{E15D46E9-0EA6-489E-9917-B27393EA56A1}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider Legend\trl.exe
FirewallRules: [{B12F4E68-0197-4558-B750-D4D26A9EAC50}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider Legend\trl.exe
FirewallRules: [TCP Query User{C5EB449F-BED4-49D4-8CE4-ADA02F25B1F3}C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe] => (Allow) C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe
FirewallRules: [UDP Query User{E20D8B8E-7B76-46C2-9AC2-8FCEA7D0CA8B}C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe] => (Allow) C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe
FirewallRules: [TCP Query User{916542B8-37B2-4B45-8060-109345C8D7D2}D:\motogp urt 3\motogp.exe] => (Allow) D:\motogp urt 3\motogp.exe
FirewallRules: [UDP Query User{94383437-B0C7-46BF-8400-48F5FAA98512}D:\motogp urt 3\motogp.exe] => (Allow) D:\motogp urt 3\motogp.exe
FirewallRules: [{4340AC80-268D-4F82-98E3-E4FE4E6330BE}] => (Allow) LPort=58172
FirewallRules: [TCP Query User{F02F1000-7452-4F84-94A4-CC54251E99CF}C:\program files (x86)\milestone\motogp13_demo\motogp13.exe] => (Block) C:\program files (x86)\milestone\motogp13_demo\motogp13.exe
FirewallRules: [UDP Query User{D118FC67-2D5A-48EA-9C00-5C295DA6E3B3}C:\program files (x86)\milestone\motogp13_demo\motogp13.exe] => (Block) C:\program files (x86)\milestone\motogp13_demo\motogp13.exe
FirewallRules: [{1C0EAD07-CA59-4144-BBB4-966537ACEA9C}] => (Allow) D:\zde\UnHackMe\Unhackme.exe
FirewallRules: [{C08E48B1-AF8A-4D2D-BEBE-FC170DDCCF95}] => (Allow) D:\zde\UnHackMe\Unhackme.exe
FirewallRules: [{16E3CB7A-3A3C-4C90-84BA-968873C5BC68}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{D83982F7-0D8F-4B45-A44F-C3EEE8FD5A5F}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{498B7232-9B2D-43C5-BFE2-4EC96E35D202}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{0C4F545F-6B4B-4560-8480-365BA2229570}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{760BEC02-468A-4406-A669-F325C3597264}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{5CFCFD7C-922E-422C-860D-367C51FD45CC}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{04431A42-B67E-4A6F-A61D-CA7828AC4473}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A164118C-9A3A-4626-B164-03DCC3BCFC58}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D5D30C84-D022-4EE7-A4B4-10D20D618933}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

10-03-2016 18:10:31 ComboFix created restore point
18-03-2016 20:42:46 Plánovaný kontrolný bod
26-03-2016 18:41:51 Plánovaný kontrolný bod
03-04-2016 14:28:59 Plánovaný kontrolný bod
12-04-2016 14:11:21 Plánovaný kontrolný bod
19-04-2016 21:24:57 Plánovaný kontrolný bod
27-04-2016 15:26:01 Plánovaný kontrolný bod
07-05-2016 13:33:40 Plánovaný kontrolný bod
14-05-2016 17:47:17 Plánovaný kontrolný bod
24-05-2016 15:07:11 Plánovaný kontrolný bod
01-06-2016 15:40:03 Plánovaný kontrolný bod
07-06-2016 15:39:24 Installed Beatport Pro.
07-06-2016 15:44:06 Removed Beatport Pro.
15-06-2016 15:42:09 Plánovaný kontrolný bod
23-06-2016 16:34:56 Plánovaný kontrolný bod
02-07-2016 19:24:57 Inštalácia balíka ovládačov zariadenia: Anchorfree HSS VPN Adapter Sieťové adaptéry
04-07-2016 20:11:20 Uninstalled with Total Uninstall "Hotspot Shield 5.4.5"
06-07-2016 11:55:16 Inštalácia balíka ovládačov zariadenia: TAP-Windows Provider V9 Sieťové adaptéry
15-07-2016 12:04:50 Plánovaný kontrolný bod
22-07-2016 15:19:13 Plánovaný kontrolný bod
23-07-2016 18:50:11 Installed MotoGP13 Demo
23-07-2016 19:23:44 Removed MotoGP13 Demo
30-07-2016 15:57:49 TunnelBear
30-07-2016 16:00:44 Inštalácia balíka ovládačov zariadenia: TunnelBear Provider V9 Sieťové adaptéry
30-07-2016 16:03:58 TunnelBear
30-07-2016 16:14:02 TunnelBear
07-08-2016 11:40:30 Plánovaný kontrolný bod
16-08-2016 14:18:23 Plánovaný kontrolný bod
26-08-2016 19:43:13 Plánovaný kontrolný bod
01-09-2016 16:05:35 Removed Java 8 Update 101 (64-bit)
05-09-2016 13:35:07 Installed Safari
05-09-2016 13:37:17 Removed Safari
05-09-2016 13:37:42 Removed Bonjour
08-09-2016 15:09:25 Removed Bonjour
18-09-2016 20:17:54 Inštalácia balíka ovládačov zariadenia: SoftEther Corporation Sieťové adaptéry
20-09-2016 12:35:40 Installed Bonjour

==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/22/2016 11:06:48 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (09/22/2016 11:06:48 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (09/22/2016 11:03:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/21/2016 05:18:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (09/21/2016 05:18:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (09/21/2016 05:15:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/21/2016 03:32:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (09/21/2016 03:32:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (09/21/2016 03:29:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/21/2016 11:44:33 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.


System errors:
=============
Error: (09/22/2016 11:01:25 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
SBRE

Error: (09/22/2016 11:01:19 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Modul WLAN Extensibility Module sa nepodarilo spustiť.

Cesta k modulu: C:\Windows\system32\athExt.dll
Kód chyby: 126

Error: (09/21/2016 05:14:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
SBRE

Error: (09/21/2016 05:13:57 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Modul WLAN Extensibility Module sa nepodarilo spustiť.

Cesta k modulu: C:\Windows\system32\athExt.dll
Kód chyby: 126

Error: (09/21/2016 03:27:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
SBRE

Error: (09/21/2016 03:27:32 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Modul WLAN Extensibility Module sa nepodarilo spustiť.

Cesta k modulu: C:\Windows\system32\athExt.dll
Kód chyby: 126

Error: (09/21/2016 03:26:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Bonjour Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (09/21/2016 03:26:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD FUEL Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (09/21/2016 03:26:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (09/21/2016 03:26:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Print Spooler sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 60000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.


CodeIntegrity:
===================================
Date: 2016-07-06 10:43:58.399
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Noobzo\GNUpdate\smw.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-07-06 10:43:58.397
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Noobzo\GNUpdate\smw.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-07-06 10:41:16.628
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Noobzo\GNUpdate\smw.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-07-06 10:41:16.628
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Noobzo\GNUpdate\smw.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-07-05 18:36:50.344
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Noobzo\GNUpdate\smw.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-07-05 18:36:50.329
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Noobzo\GNUpdate\smw.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-07-05 18:34:01.055
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Noobzo\GNUpdate\smw.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-07-05 18:34:01.054
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Noobzo\GNUpdate\smw.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-07-05 18:32:56.850
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Noobzo\GNUpdate\smw.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-07-05 18:32:56.850
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Noobzo\GNUpdate\smw.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X3 460 Processor
Percentage of memory in use: 15%
Total physical RAM: 8154.46 MB
Available physical RAM: 6854.29 MB
Total Virtual: 16307.11 MB
Available Virtual: 14913.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:107.32 GB) (Free:26 GB) NTFS
Drive d: () (Fixed) (Total:358.34 GB) (Free:338.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A4C80B1C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=358.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

sorcer
Friend of the forum
Posts: 527
Registered: 26 Jun 2006 01:29

Re: Please check my log

#11 Post by sorcer »

1) Copy the contents of the fix below into Notepad and save it as: fixlist.txt
2) Save the file in the same location where the FRST utility currently is

Start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
Hosts:

C:\Program Files (x86)\Tencent
C:\Windows\WiseHDInfo64.dll

ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-515885200-768628804-3900138106-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

FF Plugin-x32: @qq.com/QQMusicHelper -> C:\Program Files (x86)\Tencent\QQMusicHelper\QQMusicHelper1257.13.23.47\npQQMusicHelper.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin HKU\S-1-5-21-515885200-768628804-3900138106-1000: torrents-time.com/TTPlugin -> C:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll [No File]

S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-09-02] (wisecleaner.com)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S2 ksapi64; \??\C:\Windows\system32\drivers\ksapi64.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

Task: {153E60DE-B891-4F9C-90E9-EDB9F37976E0} - \{089BE96F-D0A5-49E1-88C2-9FE40C798689} -> No File <==== ATTENTION
Task: {6E86966C-6566-4B68-97C9-37B15DA4CD51} - \D781AE73-5D32-4233-AC1A-C1ED8B7BAB6 -> No File <==== ATTENTION
Task: {83497BC7-1377-4BDA-8E0B-6A7AA66C781E} - \Ball Video -> No File <==== ATTENTION
Task: {A300431C-3D06-4EE2-92D7-D979BCDFBD8C} - \AAF6B80D-57C6-4E1B-A87-4797EA17A06D -> No File <==== ATTENTION
Task: {A81DF6E5-E8E1-4F79-B256-46CF9F0CCF4D} - \RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} -> No File <==== ATTENTION
Task: {D8044E06-3646-45FB-A080-F58C859785B2} - \SpyHunter4Startup -> No File <==== ATTENTION
Task: {E0FE3EA5-4712-4F0E-B38F-B2C912AE54CB} - \Ball Video2 -> No File <==== ATTENTION
Task: {647C3793-90BC-49B6-BE6E-FA87421FED6C} - System32\Tasks\{FADF754E-3625-4D73-8D9C-3200035B3856} => pcalua.exe -a "C:\Program Files (x86)\Tencent\QQMusic\QQMusic1257.13.23.40\QQMusicUninst.exe"

END

3) Run FRST and click the FIX button
4) Restart the PC.
5) Watch how the PC behaves
6) Create a new FRST log and post it in your topic
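
A pre-run audit of the fixlist above, as an added example that is not part of the original post and not FRST's own code. It classifies each fixlist line and lists files that would stay on disk, because the section notes in the FRST log say a service or driver entry "will be removed from the registry. The file will not be moved unless listed separately." The line categories and the names `audit_fixlist`, `leftover_files` and `is_under` are assumptions of this sketch; the sample is an abridged copy of the posted fixlist.

```python
import re

# Abridged copy of the fixlist posted above: at least one line of each entry type.
FIXLIST = r"""Start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
Hosts:

C:\Program Files (x86)\Tencent
C:\Windows\WiseHDInfo64.dll

ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin-x32: @qq.com/QQMusicHelper -> C:\Program Files (x86)\Tencent\QQMusicHelper\QQMusicHelper1257.13.23.47\npQQMusicHelper.dll [No File]
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-09-02] (wisecleaner.com)
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
Task: {D8044E06-3646-45FB-A080-F58C859785B2} - \SpyHunter4Startup -> No File <==== ATTENTION
Task: {647C3793-90BC-49B6-BE6E-FA87421FED6C} - System32\Tasks\{FADF754E-3625-4D73-8D9C-3200035B3856} => pcalua.exe -a "C:\Program Files (x86)\Tencent\QQMusic\QQMusic1257.13.23.40\QQMusicUninst.exe"
END
"""

# The categories below are an assumption of this sketch, inferred from the fixlist itself.
DIRECTIVES = {"Start", "END", "CreateRestorePoint:", "EmptyTemp:",
              "CloseProcesses:", "Hosts:"}
SERVICE_RE = re.compile(r"^[RSU]\d [^;]+; .+$")            # e.g. "S1 SBRE; <path> [X]"
DRIVE_PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]<>|*?]+')   # first drive-letter path in a line
MISSING_RE = re.compile(r"\[X\]|\[No File\]|(?:->|=>) No File")  # scan found no file


def is_under(path, root):
    """True if path equals root or lies below it (Windows paths, case-insensitive)."""
    p, r = path.lower().rstrip("\\"), root.lower().rstrip("\\")
    return p == r or p.startswith(r + "\\")


def audit_fixlist(text):
    """Classify every non-empty fixlist line and note what happens to its file."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    # Bare paths: per the log's section note, listed files/folders are moved.
    roots = [ln for ln in lines if re.match(r"^[A-Za-z]:\\", ln)]
    report = []
    for ln in lines:
        if ln in DIRECTIVES:
            kind = "directive"
        elif ln in roots:
            kind = "path"
        elif SERVICE_RE.match(ln):
            kind = "service"      # registry entry only; file needs its own line
        elif ln.startswith("Task:"):
            kind = "task"
        else:
            kind = "other"        # shell overlay, policy, search scope, plugin entries
        m = DRIVE_PATH_RE.search(ln) if kind not in ("directive", "path") else None
        target = m.group(0).strip() if m else None
        report.append({
            "kind": kind,
            "line": ln,
            "target": target,
            "missing": bool(MISSING_RE.search(ln)),   # orphaned entry, nothing on disk
            "covered": bool(target) and any(is_under(target, r) for r in roots),
        })
    return report


def leftover_files(report):
    """Files that stay on disk: entry removed, file present, no bare path covers it."""
    return [e["target"] for e in report
            if e["target"] and not e["missing"] and not e["covered"]]


if __name__ == "__main__":
    rep = audit_fixlist(FIXLIST)
    for e in rep:
        flag = "orphan" if e["missing"] else ("covered" if e["covered"] else "")
        print(f'{e["kind"]:<9} {flag:<8} {e["line"][:70]}')
    print("files left on disk:", leftover_files(rep) or "none")
```
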

Peelie
Visitor
Posts: 287
Registered: 09 Oct 2006 18:03

Re: Please check my log

#12 Post by Peelie »

The PC is behaving normally.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-09-2016
Ran by Martin (administrator) on MARTIN-PC (23-09-2016 12:28:42)
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-28] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B5844788-BED4-4849-99BF-940E9B612EC4}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-515885200-768628804-3900138106-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> {06E5CE54-26A7-489F-A9ED-8B53B6FC8C6A} URL =
SearchScopes: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> {A8A2381B-85B6-4030-B763-863A4F470EAD} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454

FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: (Popup Blocker Ultimate) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2016-09-21]
FF Extension: (Seznam lištička) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2016-09-21]

Chrome:
=======
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default [2016-09-23]
CHR Extension: (Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-20]
CHR Extension: (Disk Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-20]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-20]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-20]

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Martin\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-08-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2007-07-24] (Apple Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 ZAMSvc; "D:\PROGRAMY\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2012-04-22] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0121.sys [38432 2016-09-18] (SoftEther Corporation)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2015-08-10] (The OpenVPN Project)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-06-28] (Anchorfree Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-23 12:23 - 2016-09-23 12:24 - 00009595 _____ C:\Users\Martin\Desktop\Fixlog.txt
2016-09-23 12:18 - 2016-09-23 12:19 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Notepad++
2016-09-23 12:18 - 2016-09-23 12:18 - 02829048 _____ C:\Users\Martin\Downloads\npp.7.Installer.exe
2016-09-23 12:18 - 2016-09-23 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-09-23 12:18 - 2016-09-23 12:18 - 00000000 ____D C:\Program Files (x86)\Notepad++
2016-09-22 15:40 - 2016-09-22 15:53 - 00000000 ____D C:\Program Files (x86)\SeaMonkey
2016-09-22 15:40 - 2016-09-22 15:40 - 00001982 _____ C:\Users\Public\Desktop\SeaMonkey.lnk
2016-09-22 15:40 - 2016-09-22 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
2016-09-22 15:39 - 2016-09-22 15:39 - 36843726 _____ C:\Users\Martin\Downloads\SeaMonkey Setup 2.40.exe
2016-09-22 12:08 - 2016-09-23 12:28 - 00006773 _____ C:\Users\Martin\Desktop\FRST.txt
2016-09-22 12:08 - 2016-09-22 12:08 - 00029109 _____ C:\Users\Martin\Desktop\Addition.txt
2016-09-22 12:05 - 2016-09-22 12:05 - 02402816 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2016-09-22 12:01 - 2016-09-22 12:01 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Downloads\FRSTLauncher (2).exe
2016-09-22 12:01 - 2016-09-22 12:01 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Downloads\FRSTLauncher (1).exe
2016-09-22 12:00 - 2016-09-22 12:00 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe
2016-09-22 11:57 - 2016-09-22 11:58 - 00029114 _____ C:\Users\Martin\Downloads\Addition.txt
2016-09-22 11:56 - 2016-09-23 12:28 - 00000000 ____D C:\FRST
2016-09-22 11:56 - 2016-09-22 11:58 - 00024992 _____ C:\Users\Martin\Downloads\FRST.txt
2016-09-21 18:15 - 2016-09-21 18:18 - 46431060 _____ C:\Users\Martin\Downloads\fikehc2ad01gb1.pdf
2016-09-21 17:53 - 2016-09-21 17:56 - 67701049 _____ C:\Users\Martin\Downloads\ejihfcb1d244gka.pdf
2016-09-21 17:17 - 2016-09-21 17:17 - 00003836 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1474471056
2016-09-21 17:17 - 2016-09-21 17:17 - 00001135 _____ C:\Users\Public\Desktop\Opera.lnk
2016-09-21 17:17 - 2016-09-21 17:17 - 00001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-09-21 15:24 - 2016-09-21 15:26 - 00000000 ____D C:\AdwCleaner
2016-09-21 13:52 - 2016-09-21 17:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-21 13:52 - 2016-09-21 17:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-21 13:52 - 2016-09-21 13:52 - 00000000 ____D C:\ProgramData\Mozilla
2016-09-21 13:37 - 2016-09-21 15:27 - 00000000 ____D C:\Program Files (x86)\Pale Moon
2016-09-21 13:37 - 2016-09-21 13:37 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Moonchild Productions
2016-09-21 13:37 - 2016-09-21 13:37 - 00000000 ____D C:\Users\Martin\AppData\Local\Moonchild Productions
2016-09-20 17:24 - 2016-09-20 17:24 - 00000000 ____D C:\Users\Martin\Documents\Syncios
2016-09-20 17:24 - 2016-09-20 17:24 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Syncios Data Transfer
2016-09-20 17:24 - 2016-09-20 17:24 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Syncios
2016-09-20 17:24 - 2016-09-20 17:24 - 00000000 ____D C:\Users\Martin\AppData\Roaming\SyncDroid
2016-09-20 17:24 - 2016-09-20 17:24 - 00000000 ____D C:\Users\Martin\.android
2016-09-20 17:23 - 2016-09-20 17:23 - 00000000 ____D C:\Program Files (x86)\Anvsoft
2016-09-20 12:36 - 2016-09-21 17:22 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2016-09-20 12:35 - 2016-09-20 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour
2016-09-20 12:35 - 2016-09-20 12:35 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-09-20 11:57 - 2016-09-20 11:57 - 00000000 ____D C:\rsit
2016-09-20 11:57 - 2016-09-20 11:57 - 00000000 ____D C:\Program Files\trend micro
2016-09-18 20:17 - 2016-09-18 20:17 - 00038432 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\Neo_0121.sys
2016-09-18 20:15 - 2016-09-18 20:15 - 00143816 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\vpncmd.exe
2016-09-18 12:41 - 2016-09-18 12:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-16 11:06 - 2016-09-16 11:06 - 00200535 _____ C:\Users\Martin\Downloads\VM_G_Lorencova46_Krompachy_AsistentUcitela(05.09.2016) (1).pdf
2016-09-08 12:02 - 2016-09-08 12:02 - 00200535 _____ C:\Users\Martin\Downloads\VM_G_Lorencova46_Krompachy_AsistentUcitela(05.09.2016).pdf
2016-09-07 16:36 - 2016-09-07 16:36 - 00000000 ____D C:\Users\Martin\AppData\LocalLow\Gametop
2016-09-07 15:41 - 2016-09-08 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
2016-09-07 12:00 - 2016-09-07 12:00 - 00196890 _____ C:\Users\Martin\Downloads\MS_PO_Vazecka.pdf
2016-09-05 13:34 - 2016-09-05 13:34 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-09-05 13:34 - 2016-09-05 13:34 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-09-01 15:40 - 2016-09-01 15:40 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Sun
2016-09-01 15:40 - 2016-09-01 15:40 - 00000000 ____D C:\Users\Martin\AppData\LocalLow\Sun
2016-09-01 15:40 - 2016-09-01 15:40 - 00000000 ____D C:\Users\Martin\.oracle_jre_usage
2016-09-01 15:40 - 2016-09-01 15:40 - 00000000 ____D C:\ProgramData\Oracle
2016-09-01 15:37 - 2015-12-30 17:37 - 00000000 ____D C:\Users\Martin\Downloads\org
2016-09-01 15:37 - 2015-12-30 17:37 - 00000000 ____D C:\Users\Martin\Downloads\META-INF
2016-09-01 15:37 - 2015-12-30 17:37 - 00000000 ____D C:\Users\Martin\Downloads\de
2016-09-01 15:37 - 2015-12-30 17:37 - 00000000 ____D C:\Users\Martin\Downloads\com
2016-08-25 12:42 - 2016-08-25 12:44 - 44009058 _____ C:\Users\Martin\Downloads\bs1wn.Uncut..October.2016.pdf
2016-08-25 11:51 - 2016-08-25 11:53 - 47416070 _____ C:\Users\Martin\Downloads\g4n6x.MOJO..October.2016.pdf
2016-08-25 11:03 - 2016-08-25 11:04 - 42242571 _____ C:\Users\Martin\Downloads\wjmv9.Q.Magazine..October.2016.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-23 12:25 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-23 12:15 - 2009-07-14 06:45 - 00021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-23 12:15 - 2009-07-14 06:45 - 00021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-23 12:12 - 2009-07-14 07:13 - 00785302 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-23 12:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-09-22 18:52 - 2015-10-04 19:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-21 17:22 - 2016-01-14 18:08 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Seznam.cz
2016-09-21 17:17 - 2014-07-28 18:51 - 00000000 ____D C:\Program Files (x86)\Opera
2016-09-20 17:24 - 2014-07-28 18:35 - 00000000 ____D C:\Users\Martin
2016-09-20 12:51 - 2014-07-28 18:43 - 00001443 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-09-20 12:51 - 2014-07-28 18:43 - 00001409 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-09-20 12:50 - 2014-08-24 12:31 - 00000000 ____D C:\Users\Martin\AppData\Local\ElevatedDiagnostics
2016-09-20 12:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-09-20 11:02 - 2016-04-08 15:54 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-09-19 16:07 - 2016-04-08 15:54 - 00003890 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-09-19 16:07 - 2015-10-04 19:50 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-19 16:07 - 2014-07-29 13:15 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-19 16:07 - 2014-07-29 13:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-19 16:07 - 2014-07-29 13:15 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-19 16:07 - 2014-07-29 13:15 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-19 16:07 - 2014-07-29 13:14 - 00000000 ____D C:\Users\Martin\AppData\Local\Adobe
2016-09-19 14:10 - 2014-08-16 20:49 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Spotify
2016-09-18 16:58 - 2015-01-27 13:23 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-18 13:02 - 2009-07-14 06:45 - 00000000 ____D C:\Windows\Setup
2016-09-16 16:26 - 2016-07-04 13:04 - 00000000 ____D C:\Users\Martin\AppData\Local\ESET
2016-09-16 11:11 - 2014-12-24 13:43 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-08 16:11 - 2014-08-23 21:09 - 00000000 ____D C:\Users\Martin\AppData\Roaming\vlc
2016-09-05 13:35 - 2015-07-02 13:48 - 00000000 ____D C:\Users\Martin\AppData\Local\Apple Computer
2016-09-02 13:35 - 2016-08-20 17:51 - 00000000 ____D C:\ProgramData\RegRun
2016-09-02 13:32 - 2016-08-20 17:51 - 00000000 ____D C:\Users\Martin\Documents\RegRun2
2016-09-02 13:30 - 2016-08-20 17:51 - 00000002 RSHOT C:\Windows\winstart.bat
2016-09-02 13:30 - 2015-06-17 17:15 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2016-09-02 13:30 - 2015-06-17 17:15 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT

==================== Files in the root of some directories =======

2014-05-08 06:05 - 2014-05-08 06:05 - 0000524 _____ () C:\Users\Martin\AppData\Roaming\159 dk orange bl 4.ADO
2014-12-01 23:42 - 2014-12-01 23:42 - 0001157 _____ () C:\Users\Martin\AppData\Roaming\20-unhint-small-vera.conf
2015-02-12 07:07 - 2015-02-12 07:07 - 0000213 _____ () C:\Users\Martin\AppData\Roaming\3BSYBS1_DDVW_ErrLog.txt
2013-10-02 04:55 - 2013-10-02 04:55 - 0000940 _____ () C:\Users\Martin\AppData\Roaming\admon.graphics.extension.xml
2014-05-08 07:44 - 2014-05-08 07:44 - 0003523 _____ () C:\Users\Martin\AppData\Roaming\Adobe-Japan1-0
2013-10-02 04:54 - 2013-10-02 04:54 - 0000453 _____ () C:\Users\Martin\AppData\Roaming\Aqtau
2013-10-02 04:54 - 2013-10-02 04:54 - 0000065 _____ () C:\Users\Martin\AppData\Roaming\Bangui
2014-05-08 06:05 - 2014-05-08 06:05 - 0000524 _____ () C:\Users\Martin\AppData\Roaming\BMC blue 4.ADO
2010-07-19 23:16 - 2010-07-19 23:16 - 0004751 _____ () C:\Users\Martin\AppData\Roaming\b_no.jpg
2013-10-02 04:54 - 2013-10-02 04:54 - 0000549 _____ () C:\Users\Martin\AppData\Roaming\Catamarca
2013-10-02 04:55 - 2013-10-02 04:55 - 0001978 _____ () C:\Users\Martin\AppData\Roaming\caution.tif
2014-05-08 07:44 - 2014-05-08 07:44 - 0002828 _____ () C:\Users\Martin\AppData\Roaming\CNS2-V
2013-10-02 04:56 - 2013-10-02 04:56 - 0001266 _____ () C:\Users\Martin\AppData\Roaming\compact.list.item.spacing.xml
2014-05-08 06:05 - 2014-05-08 06:05 - 0000524 _____ () C:\Users\Martin\AppData\Roaming\Cool Gray 9 bl 4.ADO
2015-05-20 03:28 - 2015-05-20 03:28 - 0002176 _____ () C:\Users\Martin\AppData\Roaming\C_Enabled.png
2011-03-21 18:48 - 2011-03-21 18:48 - 0000512 _____ () C:\Users\Martin\AppData\Roaming\data2.cab
2013-10-02 04:55 - 2013-10-02 04:55 - 0002654 _____ () C:\Users\Martin\AppData\Roaming\dbtoepub
2013-10-02 04:56 - 2013-10-02 04:56 - 0001013 _____ () C:\Users\Martin\AppData\Roaming\double.sided.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0004817 _____ () C:\Users\Martin\AppData\Roaming\dsc_checkup_tile.png
2015-05-20 03:28 - 2015-05-20 03:28 - 0004997 _____ () C:\Users\Martin\AppData\Roaming\dsc_drivers_tile.png
2014-05-08 07:44 - 2014-05-08 07:44 - 0002862 _____ () C:\Users\Martin\AppData\Roaming\dut1995phon.env
2015-05-20 03:28 - 2015-05-20 03:28 - 0004279 _____ () C:\Users\Martin\AppData\Roaming\dxdiag.png
2007-01-16 02:00 - 2007-01-16 02:00 - 0003294 _____ () C:\Users\Martin\AppData\Roaming\Extravagancy.Y
2015-05-20 03:28 - 2015-05-20 03:28 - 0001592 _____ () C:\Users\Martin\AppData\Roaming\forward32.png
2013-10-02 04:54 - 2013-10-02 04:54 - 0001676 _____ () C:\Users\Martin\AppData\Roaming\Gibraltar
2013-10-02 04:56 - 2013-10-02 04:56 - 0005030 _____ () C:\Users\Martin\AppData\Roaming\graphics.xsl
2014-05-08 07:44 - 2014-05-08 07:44 - 0000672 _____ () C:\Users\Martin\AppData\Roaming\gre.fca
2013-10-02 04:54 - 2013-10-02 04:54 - 0000137 _____ () C:\Users\Martin\AppData\Roaming\Guatemala
2015-05-20 03:28 - 2015-05-20 03:28 - 0003291 _____ () C:\Users\Martin\AppData\Roaming\history_report_gray.png
2013-10-02 04:56 - 2013-10-02 04:56 - 0000941 _____ () C:\Users\Martin\AppData\Roaming\htmlhelp.autolabel.xml
2013-10-02 04:56 - 2013-10-02 04:56 - 0000963 _____ () C:\Users\Martin\AppData\Roaming\ignore.image.scaling.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0002116 _____ () C:\Users\Martin\AppData\Roaming\internetProperties.png
1987-02-02 02:00 - 1987-02-02 02:00 - 0046203 _____ () C:\Users\Martin\AppData\Roaming\Introvert.j6a
2013-10-02 04:56 - 2013-10-02 04:56 - 0001015 _____ () C:\Users\Martin\AppData\Roaming\javahelp.encoding.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0004676 _____ () C:\Users\Martin\AppData\Roaming\lid_closure.png
2014-05-08 06:05 - 2014-05-08 06:05 - 0000117 _____ () C:\Users\Martin\AppData\Roaming\More Saturated.hdt
2013-10-02 04:54 - 2013-10-02 04:54 - 0000097 _____ () C:\Users\Martin\AppData\Roaming\Nairobi
2013-10-02 04:56 - 2013-10-02 04:56 - 0001093 _____ () C:\Users\Martin\AppData\Roaming\navig.graphics.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0001519 _____ () C:\Users\Martin\AppData\Roaming\not_applicable_2.png
2015-05-20 03:28 - 2015-05-20 03:28 - 0001315 _____ () C:\Users\Martin\AppData\Roaming\pcdrfingerprintreader.p5m
2015-05-20 03:28 - 2015-05-20 03:28 - 0000781 _____ () C:\Users\Martin\AppData\Roaming\phone.png
2014-05-08 06:08 - 2014-05-08 06:08 - 0001433 _____ () C:\Users\Martin\AppData\Roaming\Plastic - Violet Purple, Strong & Flexible.3PP
2014-05-08 07:44 - 2014-05-08 07:44 - 0000972 _____ () C:\Users\Martin\AppData\Roaming\pol.fca
2013-10-02 04:55 - 2013-10-02 04:55 - 0001597 _____ () C:\Users\Martin\AppData\Roaming\projectteam.xml
2013-10-02 04:56 - 2013-10-02 04:56 - 0001085 _____ () C:\Users\Martin\AppData\Roaming\qanda.inherit.numeration.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0004156 _____ () C:\Users\Martin\AppData\Roaming\quick-test.png
2014-05-08 07:44 - 2014-05-08 07:44 - 0000889 _____ () C:\Users\Martin\AppData\Roaming\README_gu.txt
2014-05-08 07:44 - 2014-05-08 07:44 - 0001614 _____ () C:\Users\Martin\AppData\Roaming\s29.png
2015-05-20 03:28 - 2015-05-20 03:28 - 0003676 _____ () C:\Users\Martin\AppData\Roaming\save.png
2013-10-02 04:56 - 2013-10-02 04:56 - 0000883 _____ () C:\Users\Martin\AppData\Roaming\section.autolabel.xml
2013-10-02 04:56 - 2013-10-02 04:56 - 0001102 _____ () C:\Users\Martin\AppData\Roaming\section.title.level5.properties.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0001421 _____ () C:\Users\Martin\AppData\Roaming\security.png
2015-05-20 03:28 - 2015-05-20 03:28 - 0000091 _____ () C:\Users\Martin\AppData\Roaming\SkyboxOutput.hlsli
2015-05-20 03:28 - 2015-05-20 03:28 - 0002649 _____ () C:\Users\Martin\AppData\Roaming\sysinfopage_forfile.css
2015-05-20 03:14 - 2015-05-20 03:14 - 0000110 _____ () C:\Users\Martin\AppData\Roaming\tweakChkDsk_ar.p5p
2015-05-20 03:14 - 2015-05-20 03:14 - 0000095 _____ () C:\Users\Martin\AppData\Roaming\tweakChkDsk_it.p5p
2015-05-20 03:14 - 2015-05-20 03:14 - 0000112 _____ () C:\Users\Martin\AppData\Roaming\tweakChkDsk_nl.p5p
2015-05-20 03:14 - 2015-05-20 03:14 - 0001728 _____ () C:\Users\Martin\AppData\Roaming\tweakNetworkingManual_ko.p5p
2013-10-02 04:56 - 2013-10-02 04:56 - 0001323 _____ () C:\Users\Martin\AppData\Roaming\ulink.show.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0001543 _____ () C:\Users\Martin\AppData\Roaming\user_attention.png
2015-07-25 16:15 - 2015-07-25 16:15 - 0007605 _____ () C:\Users\Martin\AppData\Local\Resmon.ResmonCfg
2015-06-16 17:54 - 2015-06-16 17:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\Temp.dat

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-21 14:44

==================== End of FRST.txt ============================

sorcer
Friend of the forum
Posts: 527
Joined: 26 Jun 2006 01:29

Re: Please check my log

#13 Post by sorcer »

Do you use the Lištička toolbar from Seznam.cz?

You are missing IE11 and OS updates (Windows updates).

I recommend patching the system and also installing an antivirus solution.

Peelie
Visitor
Posts: 287
Joined: 09 Oct 2006 18:03

Re: Please check my log

#14 Post by Peelie »

I will remove Lištička. Thanks a lot for the help.

sorcer
Friend of the forum
Posts: 527
Joined: 26 Jun 2006 01:29

Re: Please check my log

#15 Post by sorcer »

We will remove the utilities, and if you have no questions, I'll take my leave.

1) Download and run DelFix https://toolslib.net/downloads/viewdownload/2-delfix/
2) Select only the option "Remove disinfection tools"
3) Click Run
